Module org.elasticsearch.security
Class DelegatedAuthorizationSupport
java.lang.Object
org.elasticsearch.xpack.security.authc.support.DelegatedAuthorizationSupport
Utility class for supporting "delegated authorization" (aka "authorization_realms", aka "lookup realms").
A Realm may support delegating authorization to another realm. It does this by registering a setting for DelegatedAuthorizationSettings.AUTHZ_REALMS and constructing an instance of this class. Then, after the realm has performed any authentication steps, if hasDelegation() is true, it delegates the construction of the User object and AuthenticationResult to resolve(String, ActionListener).
Constructor Summary
Constructors (Modifier, Constructor, Description)
protected DelegatedAuthorizationSupport(Iterable<? extends Realm> allRealms, List<String> lookupRealms, Settings settings, ThreadContext threadContext, XPackLicenseState licenseState)
Constructs a new object that delegates to the named realms (lookupRealms), which must exist within allRealms.
DelegatedAuthorizationSupport(Iterable<? extends Realm> allRealms, RealmConfig config, XPackLicenseState licenseState)
Resolves the DelegatedAuthorizationSettings.AUTHZ_REALMS setting from config and calls DelegatedAuthorizationSupport(Iterable, List, Settings, ThreadContext, XPackLicenseState)
Method Summary
Methods (Modifier and Type, Method, Description)
boolean hasDelegation()
Are there any realms configured for delegated lookup?
void resolve(String username, ActionListener<AuthenticationResult<User>> resultListener)
Attempts to find the user specified by username in one of the delegated realms.
toString()
Constructor Details
DelegatedAuthorizationSupport
public DelegatedAuthorizationSupport(Iterable<? extends Realm> allRealms, RealmConfig config, XPackLicenseState licenseState)
Resolves the DelegatedAuthorizationSettings.AUTHZ_REALMS setting from config and calls DelegatedAuthorizationSupport(Iterable, List, Settings, ThreadContext, XPackLicenseState)
DelegatedAuthorizationSupport
protected DelegatedAuthorizationSupport(Iterable<? extends Realm> allRealms, List<String> lookupRealms, Settings settings, ThreadContext threadContext, XPackLicenseState licenseState)
Constructs a new object that delegates to the named realms (lookupRealms), which must exist within allRealms.
Throws:
IllegalArgumentException - if one of the specified realms does not exist
Method Details
hasDelegation
public boolean hasDelegation()
Are there any realms configured for delegated lookup?
resolve
Attempts to find the user specified by username in one of the delegated realms. The realms are searched in the order specified during construction. Returns a successful result if a User was found, otherwise returns an unsuccessful result with a meaningful diagnostic message.
toString
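The construction check and the ordered search described above for the constructors and for resolve, as an added stand-alone example. It is not Elasticsearch code: the class name, LookupRealm and Result are hypothetical stand-ins, the lookup is synchronous rather than listener-based, and the realm names, users and roles are constructed.

```java
import java.util.*;
import java.util.function.Function;

// Stand-alone model of delegated lookup. LookupRealm and Result are hypothetical
// stand-ins, not Elasticsearch types; resolve() is synchronous for brevity.
public class DelegatedLookupModel {
    record LookupRealm(String name, Function<String, Optional<Set<String>>> lookup) {}
    record Result(boolean success, String realm, Set<String> roles, String message) {}

    private final List<LookupRealm> delegates = new ArrayList<>();

    // Fail fast: every configured lookup realm must exist among allRealms.
    DelegatedLookupModel(Iterable<LookupRealm> allRealms, List<String> lookupRealms) {
        Map<String, LookupRealm> byName = new HashMap<>();
        allRealms.forEach(r -> byName.put(r.name(), r));
        for (String name : lookupRealms) {
            LookupRealm realm = byName.get(name);
            if (realm == null) {
                throw new IllegalArgumentException("lookup realm [" + name + "] does not exist");
            }
            delegates.add(realm);
        }
    }

    boolean hasDelegation() { return !delegates.isEmpty(); }

    // Realms are searched in configured order; the first one that knows the user wins.
    Result resolve(String username) {
        for (LookupRealm realm : delegates) {
            Optional<Set<String>> roles = realm.lookup().apply(username);
            if (roles.isPresent()) return new Result(true, realm.name(), roles.get(), null);
        }
        List<String> searched = delegates.stream().map(LookupRealm::name).toList();
        return new Result(false, null, Set.of(), "[" + username + "] authenticated, but not found in " + searched);
    }

    public static void main(String[] args) {
        // Constructed sample realms: alice exists in both, with different roles.
        LookupRealm ldap = new LookupRealm("ldap1", u -> u.equals("alice") ? Optional.of(Set.of("monitoring")) : Optional.empty());
        LookupRealm nat = new LookupRealm("native1", u -> u.equals("alice") ? Optional.of(Set.of("superuser")) : Optional.empty());
        DelegatedLookupModel support = new DelegatedLookupModel(List.of(ldap, nat), List.of("ldap1", "native1"));
        System.out.println(support.resolve("alice")); // user known to both realms
        System.out.println(support.resolve("bob"));   // user known to neither realm
        try {
            new DelegatedLookupModel(List.of(ldap), List.of("ldap1", "typo1")); // misspelled realm name
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

In this model the first matching realm builds the result, so the order of the lookup realm list decides which roles apply when a username exists in more than one realm.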